Summary: | PGP/MIME email subject and header encryption / "memory hole" | ||
---|---|---|---|
Product: | Claws Mail | Reporter: | Hanno Boeck <hanno> |
Component: | Plugins/Privacy/PGP | Assignee: | users |
Status: | NEW --- | ||
Severity: | enhancement | CC: | claws-mail-devel, filippogentile, linux.felixbecker2 |
Priority: | P3 | ||
Version: | 4.2.0 | ||
Hardware: | PC | ||
OS: | Linux | ||
Attachments: |
Experimental read of encrypted subject
Patch from BUG 3904 rebased on master and fixed |
Description
Hanno Boeck
2018-04-09 10:27:35 UTC
Yes, please add support for "memory hole". I think the specs can be found now under: https://github.com/autocrypt/memoryhole It has an incomplete version. Please reach out to #autocrypt. https://github.com/autocrypt/memoryhole/issues/9 I second this feature request strongly. More and more people communicate with encrypted emails, and I see a lot of subjects just as `...`. Which makes it more and more hard to look through my emails. Created attachment 2350 [details]
Experimental read of encrypted subject
Hello,
I've written a small patch to read original email subject when sender is
encrypting it with protected-headers-v1 standard
The patch is still experimental but I'd like to get some feedback.
I'm working also on sending email with encrypted headers but that's more difficult given current code structure.
First patch is a fix for a memory leak but needs confirmation.
Is protected-headers-v1 a standard now? Where is the RFC? I don't think it has been approved yet but it's already implemented by some clients. - Mutt: https://github.com/neomutt/neomutt/commit/53c0a3b650f8d9a01cbf0f5ec19c165b86f1731b - KMail: https://userbase.kde.org/Special:MyLanguage/KMail/Protected_Headers - Thunderbird: https://github.com/mozilla/releases-comm-central/blob/9548311ac3161a8801fa61785c7185eb278b5bbb/mail/extensions/openpgp/content/modules/mime.jsm#L168 This also suggests not only "Subject:" header gets obfuscated but also other headers - Enigmail: https://gitlab.com/enigmail/enigmail/-/commit/ac38704ad1d2b6494a429dd03ed2ea52f304a606 (In reply to Filippo from comment #4) > Created attachment 2350 [details] > > [...] > > The patch is still experimental but I'd like to get some feedback. I have tested and it decrypts protected `subject:` line from a Thunderbird sender. What I see what it does: * It replaces the subject in the message list. * Shows the decrypted headers in the message below the unencrypted original headers. What I see what it does not: * When I reply, the subject is still "Re: ...". This might bee intentional to not copy the encrypted Subject into the unencrypted one. * When writing a message, creating an encrypted subject. Regards! I forgot: (In reply to linux.felixbecker2 from comment #7) > (In reply to Filippo from comment #4) > > Created attachment 2350 [details] > > > > [...] > > > > The patch is still experimental but I'd like to get some feedback. > > [...] > > What I see what it does not: > > * When I reply, the subject is still "Re: ...". This might bee intentional > to not copy the encrypted Subject into the unencrypted one. - also when I reply and not modify the subject, the encrpyted subject of the message I reply to is lost and just "Re: ..." is the only (non-encrypted) subject generated. Just a note for the ones following here: In issue #4426 (https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4426) is also a discussion about encrypted headers. (In reply to linux.felixbecker2 from comment #8) That is surely what you want, or else you would reveal the Subject which your recipient wanted hidden. (In reply to Paul from comment #10) > (In reply to linux.felixbecker2 from comment #8) > That is surely what you want, or else you would reveal the Subject which > your recipient wanted hidden. Not quite what I want. What I want is that the unencrypted subject stays "..." or "Re: ...", but that the real subject actually is added as encrypted subject and not skipped out completely. (In reply to linux.felixbecker2 from comment #11) It was clearly stated in comment #4 that the current patch does not do that. Created attachment 2352 [details] Patch from BUG 3904 rebased on master and fixed Hello again! I've rebased patch from BUG 3904 (3 years old) on current master. Then I've fixed some segmentation faults and memory leaks and it's working. What this patch does: - Show encrypted headers in TextView - Verify match between encrypted and plain headers (is this useful? I mean is it a proof of message not being tampered or should we only support PGP signature?) What this patch does not: - Show encrypted subject in HeaderView - Show encrypted subject in SummaryView - Cache encrypted subject for future email search/quick view in summary - Allow sending mails with encrypted headers Now that both my patch, this one and the one from BUG 4426 are working I will compare the implementations and try to merge the new features *** Bug 4426 has been marked as a duplicate of this bug. *** |